nixos/whale2: Update to netavark backend
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 31m25s
parent
1df34e0515
commit
41fd54cfad
@ -108,46 +108,31 @@ in
|
||||
oci-containers = {
|
||||
backend = "podman";
|
||||
};
|
||||
# NixOS has switched to using netavark, which is native to podman. It's currently missing an option to
|
||||
# disable iptables rules generation, which is very annoying.
|
||||
containers.containersConf.settings.network.network_backend = mkForce "cni";
|
||||
containers.containersConf.settings.network = {
|
||||
network_backend = "netavark";
|
||||
firewall_driver = "none";
|
||||
};
|
||||
};
|
||||
|
||||
environment = {
|
||||
etc = {
|
||||
"cni/net.d/90-colony.conflist".text = toJSON {
|
||||
cniVersion = "0.4.0";
|
||||
"containers/networks/colony.json".text = toJSON {
|
||||
name = "colony";
|
||||
plugins = [
|
||||
{
|
||||
type = "bridge";
|
||||
bridge = "oci";
|
||||
isGateway = true;
|
||||
ipMasq = false;
|
||||
hairpinMode = true;
|
||||
ipam = {
|
||||
type = "host-local";
|
||||
routes = [
|
||||
{ dst = "0.0.0.0/0"; }
|
||||
{ dst = "::/0"; }
|
||||
];
|
||||
ranges = [
|
||||
[
|
||||
id = "0000000000000000000000000000000000000000000000000000000000000001";
|
||||
driver = "bridge";
|
||||
network_interface = "oci";
|
||||
ipv6_enabled = true;
|
||||
internal = false;
|
||||
dns_enabled = false;
|
||||
subnets = [
|
||||
{
|
||||
subnet = prefixes.oci.v4;
|
||||
gateway = net.cidr.host 1 prefixes.oci.v4;
|
||||
}
|
||||
]
|
||||
[
|
||||
{
|
||||
subnet = prefixes.oci.v6;
|
||||
gateway = net.cidr.host 1 prefixes.oci.v6;
|
||||
}
|
||||
]
|
||||
];
|
||||
};
|
||||
capabilities.ips = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
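Review bot: The `firewall_driver = "none";` line in the new `containers.containersConf.settings.network` block has no comment, and the old comment explaining why iptables rule generation had to be avoided appears to have been dropped together with the `mkForce "cni"` override. With the driver set to `none`, netavark should install no filter, NAT or port-forwarding rules for the `oci` bridge, so containers on `prefixes.oci.v4` and `prefixes.oci.v6` are reachable exactly as far as the host's own ruleset allows. If that is the intent, state the dependency where the option is set, e.g. `# netavark must not manage firewall rules; filtering and forwarding for the "oci" bridge are done by the host ruleset`. The fixed `id` (64 hex digits ending in 1, presumably hand-picked) would also benefit from a one-line comment. The host firewall configuration is outside this hunk, so confirm it covers the bridge for both address families now that `ipv6_enabled = true` and `internal = false`.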